Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Tagged VLANs from Wireless AP (420) to 4208vl Switch

Ezugo
Advisor

Tagged VLANs from Wireless AP (420) to 4208vl Switch

hi all,

I'm preparing to set up a wireless AP to allow access to 2 SSID - one allowed on our LAN and the other going straight to the internet.
I am doing this by creating a VLAN on a 4208vl switch and tagging traffic from the wireless AP.

this is the first time I am doing this - I just want to make sure my plan is o.k. and that I am not missing anything.

Here's my plan of action:

- Create a new VLAN on the switch (4208vl)
- Make the internet router a member of the new VLAN and default VLAN
- AP would be plugged into the new VLAN on a port that is also member of Default VLAN
- Configure AP routes
--- Enable VLAN on the AP
--- Assign a VLAN ID 1 for Default SSID (straight to the internet)
--- Create a VLAN ID 2 for Internal users SSID (LAN access)
- On our switch I need to configure it to route the VLAN IDs from the AP to the right places
--- Traffic tagged with ID 1 goes to the internet
--- Traffic tagged with ID 2 is allowed on LAN

any thoughts appriciated.
1 REPLY
Pieter 't Hart
Honored Contributor

Re: Tagged VLANs from Wireless AP (420) to 4208vl Switch

- Create a new VLAN on the switch (4208vl)
=> no question about that.
- Make the internet router a member of the new VLAN and default VLAN
=> dont' forget ip-adressing.
- AP would be plugged into the new VLAN on a port that is also member of Default VLAN
=> us alle tagged vlan's
- Configure AP routes
=> if traffic stays within same vlan, no routing needs configured
--- Enable VLAN on the AP
--- Assign a VLAN ID 1 for Default SSID (straight to the internet)
=> better not use default vlan for client traffic
--- Create a VLAN ID 2 for Internal users SSID (LAN access)
- On our switch I need to configure it to route the VLAN IDs from the AP to the right places
--- Traffic tagged with ID 1 goes to the internet
--- Traffic tagged with ID 2 is allowed on LAN
=> if vlan's don't need to talk to eachother, you don't need to configure "routing".